12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- // Copyright 2021 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package asymkey
-
- import (
- "bytes"
- "fmt"
- "strings"
-
- "code.gitea.io/gitea/models/db"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/git"
- "code.gitea.io/gitea/modules/log"
-
- "github.com/42wim/sshsig"
- )
-
- // ParseCommitWithSSHSignature check if signature is good against keystore.
- func ParseCommitWithSSHSignature(c *git.Commit, committer *user_model.User) *CommitVerification {
- // Now try to associate the signature with the committer, if present
- if committer.ID != 0 {
- keys, err := ListPublicKeys(committer.ID, db.ListOptions{})
- if err != nil { // Skipping failed to get ssh keys of user
- log.Error("ListPublicKeys: %v", err)
- return &CommitVerification{
- CommittingUser: committer,
- Verified: false,
- Reason: "gpg.error.failed_retrieval_gpg_keys",
- }
- }
-
- committerEmailAddresses, err := user_model.GetEmailAddresses(committer.ID)
- if err != nil {
- log.Error("GetEmailAddresses: %v", err)
- }
-
- activated := false
- for _, e := range committerEmailAddresses {
- if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
- activated = true
- break
- }
- }
-
- for _, k := range keys {
- if k.Verified && activated {
- commitVerification := verifySSHCommitVerification(c.Signature.Signature, c.Signature.Payload, k, committer, committer, c.Committer.Email)
- if commitVerification != nil {
- return commitVerification
- }
- }
- }
- }
-
- return &CommitVerification{
- CommittingUser: committer,
- Verified: false,
- Reason: NoKeyFound,
- }
- }
-
- func verifySSHCommitVerification(sig, payload string, k *PublicKey, committer, signer *user_model.User, email string) *CommitVerification {
- if err := sshsig.Verify(bytes.NewBuffer([]byte(payload)), []byte(sig), []byte(k.Content), "git"); err != nil {
- return nil
- }
-
- return &CommitVerification{ // Everything is ok
- CommittingUser: committer,
- Verified: true,
- Reason: fmt.Sprintf("%s / %s", signer.Name, k.Fingerprint),
- SigningUser: signer,
- SigningSSHKey: k,
- SigningEmail: email,
- }
- }
|